Server-to-Server FTP Transfer

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server 2008

You can configure IIS to allow server-to-server FTP transfers by changing the EnableDataConnTo3rdIP and EnablePasvConnFrom3rdIP keys in the system registry. By default, the EnablePasvConnFrom3rdIP registry key is disabled to prevent malicious attacks against the FTP service. Although details for configuring server-to-server transfers are listed below, Microsoft does not recommend enabling the EnablePasvConnFrom3rdIP registry key on IIS-based FTP servers connected to the Internet.

Important

Using Registry Editor incorrectly can cause serious problems that require reinstalling the operating system. Because Registry Editor bypasses the standard safeguards that prevent you from entering settings that are conflicting or likely to degrade performance or damage your system, exercise caution when making changes to the registry. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. For information about how to edit the registry, see the "Changing Keys and Values" topic in Registry Editor Help.

The procedure below lists the steps required to transfer a binary file (called MyFile.xls) from Server1 (IP Address: 192.168.0.10) to Server2 (IP Address: 192.168.1.20) using the command-line FTP client on Workstation1. You must have Write permissions granted on Server2 for this example to work. You must also have two computers running the IIS-based FTP service.

The server that initiates the data channel (Server1 in this example) must have the following value set in the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSFTPSVC\Parameters\EnableDataConnTo3rdIP=1

Server2 must have the following value set in the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSFTPSVC\Parameters\EnablePasvConnFrom3rdIP=1

In normal client/server FTP transfers, the user is only responsible for entering "friendly" commands to the server; the client responds automatically. When a server-to-server FTP transfer is performed, another server is the client. Therefore, the user is responsible for sending all FTP commands to both servers (in RFC 959 format, preceded by the "literal" keyword).

Procedures

To transfer a binary file between FTP servers

  1. Connect to Server1 using a command-line FTP client. (This connection will be referred to as Client1).

  2. Connect to Server2 using a command-line FTP client. (This connection will be referred to as Client2).

  3. Issue the following command in Client2: literal pasv.

    The computer responds with: 227 Entering Passive Mode (192,168,1,20,15,61).

    Note that 15,61 represents the high-order and low-order bytes of the port number (15 × 256 + 61 = port 3901 in this case), which is randomly assigned with each FTP connection. As a result, the last two numbers of this string will be different each time.

  4. Issue the following command in Client1: literal port 192,168,1,20,15,61.

    The computer responds with: 200 Port Command Successful.

    Use the IP and port string returned in step 3.

  5. Issue the following command in both Client1 and Client2: literal type i.

    The computer responds with: 200 Type set to I.

  6. Issue the following command in Client1: literal retr myfile.bin.

    The computer responds with: 125 Data Connection already open; Transfer Starting.

  7. Issue the following command in Client2: literal stor myfile.bin.

    The computer responds with: Opening BINARY mode data connection for myfile.bin.

  8. Continue issuing the literal stat command on Client2 until it returns a 211 response indicating "No data connection is listed".

    This 211 response message is several lines long and indicates that the transfer is no longer in progress.

  9. To transfer files from Server2 to Server1, issue the literal retr command from Client1 and the literal stor command from Client2.
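
The PORT command in the procedure names Server2's address rather than the address of the workstation that sent it, which is the third-party case that EnableDataConnTo3rdIP governs. The following added example (not part of the original article) decodes the h1,h2,h3,h4,p1,p2 string and flags such PORT commands in FTP control-channel records. The function names, the workstation address 192.168.0.50, and the sample records are constructed for illustration.

```python
import ipaddress
import re

# Six decimal fields h1,h2,h3,h4,p1,p2, as used by PORT and the 227 reply (RFC 959).
HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_hostport(text):
    """Return (IPv4Address, port) from a PORT argument or 227 reply, or None if malformed."""
    m = HOSTPORT.search(text)
    if not m:
        return None
    fields = [int(f) for f in m.groups()]
    if any(f > 255 for f in fields):
        return None
    ip = ipaddress.IPv4Address(".".join(str(f) for f in fields[:4]))
    port = fields[4] * 256 + fields[5]  # p1 is the high-order byte
    return ip, port


def third_party_ports(events):
    """Yield (client_ip, target_ip, port) for PORT commands that name another host.

    events: iterable of (control-connection peer address, command line).
    Malformed PORT arguments are skipped here; a real monitor may want to log them.
    """
    for client_ip, line in events:
        verb, _, arg = line.strip().partition(" ")
        if verb.upper() != "PORT":
            continue
        parsed = parse_hostport(arg)
        if parsed is None:
            continue
        target, port = parsed
        if target != ipaddress.IPv4Address(client_ip):
            yield client_ip, str(target), port


# Constructed sample records; 192.168.0.50 stands in for Workstation1.
SAMPLE = [
    ("192.168.0.50", "PORT 192,168,0,50,19,137"),  # ordinary active mode
    ("192.168.0.50", "PORT 192,168,1,20,15,61"),   # step 4 of the procedure
    ("192.168.0.50", "TYPE I"),
    ("192.168.0.50", "PORT 192,168,1,20,999,1"),   # malformed field, skipped
]

if __name__ == "__main__":
    for hit in third_party_ports(SAMPLE):
        print("third-party PORT:", *hit)
```
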

File Transfer Alternatives

If you are concerned about FTP security, or if a network security device like a firewall prevents server-to-server data transmission, consider using a file transfer alternative like Web authoring with WebDAV. WebDAV is the recognized standard for HTTP file transfers.

  • For information about port, pasv, stor, retr, stat, and other literal FTP commands, see the World Wide Web Consortium Web site.